Bug#987956: libgcrypt20: ECDH decryption fails with "gpg: public key decryption failed: Invalid object" error message

Sun May 2 18:47:15 BST 2021

Package: libgcrypt20
Version: 1.8.7-4
Severity: important

Dear Maintainer,

After a full-upgrade in Sid on 2021-05-02, `gpg --decrypt somefile.gpg` fails:

  gpg: encrypted with 256-bit ECDH key, ID [hopefully irrelevant]
  gpg: public key decryption failed: Invalid object
  gpg: decryption failed: No secret key

Strace provides a little more context:

  read(6, "S INQUIRE_MAXLEN 4096\nINQUIRE CIPHERT"..., 1002) = 41
  write(6, "D (7:enc-val(4:ecdh(1:s49:0V\333\26\231\377\242\231\237b\375"..., 120) = 120
  write(6, "END", 3)                      = 3
  write(6, "\n", 1)                       = 1
  read(6, "ERR 16777281 Invalid object <gcrypt>\n", 1002) = 37

Considering the list of updated packages this day, libgcrypt20:amd64 (1.8.7-3,
1.8.7-4) is the likely culprit.  Its changelog states:

  libgcrypt20 (1.8.7-4) unstable; urgency=medium

    * Update from LIBGCRYPT-1.8-BRANCH:
      + 30_07-Fix-previous-commit.patch
      + 30_08-ecc-Check-the-input-length-for-the-point.patch

   -- Andreas Metzler <ametzler at debian.org>  Sun, 02 May 2021 13:58:47 +0200

The second patch is precisely about returning "Invalid object" /
GPG_ERR_INV_OBJ in some case related to GnuPG and ECDH decryption.

Therefore, could you please double-check this patch?
Thanks for your work.

Cheers,
-- Xavier G.

-- System Information:
Debian Release: 11.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-6-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libgcrypt20 depends on:
ii  libc6          2.31-12
ii  libgpg-error0  1.38-2

libgcrypt20 recommends no packages.

Versions of packages libgcrypt20 suggests:
pn  rng-tools  <none>

-- no debconf information